Commit 7660666d authored by Romain Bignon's avatar Romain Bignon

break the fucking new protection made by faggots of Banque Populaire

parent b5dcc258
......@@ -97,6 +97,7 @@ class BanquePopulaire(Browser):
self['dialogActionPerformed'] = 'EQUIPEMENT_COMPLET'
self['token'] =['token'])
def get_accounts_list(self):
......@@ -112,6 +113,7 @@ class BanquePopulaire(Browser):
if not self.is_on_page(AccountsPage):
next_page['token'] =
self.location('/cyber/internet/', urllib.urlencode(next_page))
for a in
......@@ -137,6 +139,8 @@ class BanquePopulaire(Browser):
if params is None:
params['token'] =['token'])
self.location('/cyber/internet/', urllib.urlencode(params))
self.token =
......@@ -147,6 +151,7 @@ class BanquePopulaire(Browser):
if len('//a[@id="tcl4_srt"]')) > 0:
self.select_form(predicate=lambda form: form.attrs.get('id', '') == 'myForm')
self.form.action = self.absurl('/cyber/internet/')
params['token'] =['token'])
while True:
......@@ -60,6 +60,32 @@ class BasePage(_BasePage):
def get_token(self):
return, '//form//input[@name="token"]', 1, 'xpath').attrib['value']
def build_token(self, token):
These fucking faggots have introduced a new protection on the token.
Each time there is a call to SAB (selectActionButton), the token
available in the form is modified with a key available in JS:
ipsff(function(){TW().ipthk([12, 25, 17, 5, 23, 26, 15, 30, 6]);});
Each value of the array is an index for the current token to append the
char at this position at the end of the token.
table = None
for script in self.document.xpath('//script'):
if script.text is None:
m ='ipthk\(([^\)]+)\)', script.text, flags=re.MULTILINE)
if m:
table = json.loads(
if table is None:
return token
for i in table:
token += token[i]
return token
class RedirectPage(BasePage):
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment